GPS World

Tag: Department of Homeland Security

  • FAA restricts drones over federal prisons, Coast Guard bases

    The Federal Aviation Administration (FAA) has established temporary unmanned aircraft system (UAS) flight restrictions over federal penitentiaries and U.S. Coast Guard bases.

    The restrictions, which take place June 20, are for drone flights up to 400 feet within the lateral boundaries of the facilities.

    The restrictions came at the request of federal security partners the Department of Justice (DOJ) and Department of Homeland Security (DHS).

    The FAA is using its existing authority under Title 14 of the Code of Federal Regulations (14 CFR) § 99.7 — “Special Security Instructions” — to address concerns about drone operations over these facilities,” the agency stated.

    Information on the FAA Notice to Airmen (NOTAM), which defines these restrictions, and the covered locations, can be found on the FAA’s UAS website. Broader information regarding flying drones in the National Airspace System, including frequently asked questions, is also on the FAA website.

    An interactive map, downloadable geospatial data and other important details can be found here.

    A link to the restrictions is also included in the FAA’s B4UFLY mobile app.

    This is the first time the FAA has placed specific flight restrictions for unmanned aircraft over Federal Bureau of Prisons and Coast Guard facilities. The FAA has placed similar flight restrictions over military installations that remain in place, as well as over 10 Department of Interior facilities and seven Department of Energy facilities.

    Operators who violate the flight restrictions may be subject to enforcement action, including potential civil penalties and criminal charges.

    There are a few exceptions that permit drone flights, which must be coordinated with the individual facility or the FAA.

    The FAA is considering additional requests by eligible federal security agencies for UAS-specific flight restrictions using the agency’s §99.7 authority as they are received. Additional changes to these restrictions will be announced by the FAA as appropriate.

    The following facilities will have the new restrictions:

    United States Penitentiaries (USP)

    USP Tucson near Tucson, AZ
    USP Atwater near Atwater, CA
    USP Victorville near Victorville, CA
    USP Florence High near Florence, CO
    USP Florence ADMAX near Florence, CO
    USP Coleman I near Sumterville, FL
    USP Coleman II near Sumterville, FL
    USP Marion near Marion, IL
    USP Terre Haute near Terre Haute, IN
    USP Big Sandy near Inez, KY
    USP McCreary near Pine Knot, KY
    USP Pollock near Pollock, LA
    USP Yazoo City near Yazoo City, MS
    USP Allenwood near Allenwood, PA
    USP Canaan near Waymart, PA
    USP Lewisburg near Lewisburg, PA
    USP Beaumont near Beaumont, TX
    USP Lee near Pennington Gap, VA
    USP Hazelton near Bruceton Mills, WV

    United States Coast Guard (USCG) Bases

    USCG Baltimore Yard, MD
    USCG Base Boston, MA
    USCG Base Alameda, CA
    USCG Base Los Angeles/Long Beach (LALB), CA
    USCG Base Elizabeth City, NC
    USCG Base Kodiak, AK
    USCG Base Miami, FL
    USCG Base Portsmouth, VA
    USCG Base Seattle, WA
    USCG Operations System Center (OSC) near Martinsburg, WV

  • Sensofusion’s counter-UAS Airfence preps for production with DOD

    Sensofusion’s counter-UAS Airfence preps for production with DOD

    In the spring of 2017, the U.S. Marine Corps Warfighting Laboratory (MCWL) — via the Defense Department’s Defense Innovation Unit Experimental (DIUx) — engaged in a one-year prototype contract with Sensofusion to develop a ground-based mobile counter-UAS solution stemming from Sensofusion’s pre-existing core product Airfence.

    Sensofusion acted as lead integrator and further advanced Airfence to integrate radar and optics systems on board vehicles enabling all systems to work in unison, with Airfence being the core counter-UAS solution by means of RF detection and transmission.

    The DIUx project has been active for more than 12 months, growing and expanding since its late March 2017 launch.

    Airfence is now fully ruggedized, meeting IP67 ruggedization requirements. Furthermore, Airfence has outperformed all tests for range of detection and counterattack capabilities and has also greatly increased the number of drones within its library it can detect, track and defeat yielding zero false positives, Sensofusion said. The system has outperformed range testing at the Marine Corps Base in Quantico, Virginia.

    In addition, Airfence exceeded expectations against a large variety of small UAVs — including fixed wings and rotorcrafts — while Marines operated the technology under extreme weather conditions in Arizona at Yuma Proving Grounds. YPG is the largest U.S. military installation in the world and has been a key site for testing military equipment since World War II.

    Through its work with the U.S. Marine Corps, Sensofusion has brought its system to a single sensor solution, which is beneficial for tactical use in a mobile convoy scenario.

    Airfence also can be used for fixed installations when protecting areas such as military bases, airports, prisons, oil refineries and pipelines, nuclear power plants, power plants, government buildings and border walls.

    Sensofusion has made major leaps in its ability to detect and defeat rogue drones by means of protocol demodulation and manipulation.

    “Our work in the past year with the Marines enables us to meet production readiness with our flagship counter-UAS solution, AIRFENCE, and are now prepping for production with the Departments of Defense and Homeland Security,” said Sensofusion Vice President Kaveh Mahdavi. “We’re now at a point where DoD, DHS — really, any government organization — can order our standardized counter-UAS platform, Airfence, in large quantities. This is a significant advancement within our developing drone defense industry and will act as the benchmark for all future solutions.”

    Extension to Sensofusion-U.S. DoD contract signed. As Sensofusion ramps up production for AIRFENCE across government agencies in America, it continues to align with MCWL, signing a one-year extension to the agreement with the DoD to innovate and implement new capabilities within signal intelligence.

  • System of Systems: DHS Receiver Improvements, Australian SBAS

    System of Systems: DHS Receiver Improvements, Australian SBAS

    DHS Spells Out Receiver Improvements

    In early January, a new Department of Homeland Security (DHS) document appeared: “Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure.”

    The document focuses on receivers used in critical infrastructure, with an emphasis on timing receivers. It provides owners, operators, researchers, designers and manufacturers with information to improve the security and resilience of PNT equipment across the spectrum of equipment development, deployment and use.

    Specifically, its recommendations address:

    • installation and operation strategies that can be implemented for current equipment,
    • strategies that can result in more robust and resilient new and/or improved products based on existing technology and knowledge,
    • research and development that can lead to improved future capabilities.

    It introduces clear definitions of different categories of threats and hazards, including the new term “data spoofing.” It recommends some creative ways to install receive antennas, such as using decoy antennas and obscuring the location of the actual antennas being used, presumably to foil some spoofing attacks.

    It also points out that modern GNSS receivers are computers, and need to be operated and maintained with good cyber hygiene, just like other computers.

    The extensive list of recommended development strategies will challenge manufacturers while informing purchasers about the features they can seek in new equipment.

    Implementing these recommendations will lead to increased competence — that is, equipment that is better able to accommodate imperfect or faulty inputs, intentional or not.

    This document reflects the recognition that many reported problems or difficulties with GPS could be prevented or mitigated by improvements in GPS user equipment and how it is installed and operated. It is encouraging to see DHS taking steps to remedy this situation, and important that manufacturers of timing receivers, as well as critical infrastructure owners and operators that use timing receivers, follow through on these recommendations.

    Also for Receiver Manufacturers

    The Radio Technical Commission for Maritime Services (RTCM) has issued a paper with calculation algorithms to promote consistent BeiDou IODE and IODC computational approaches within the community.

    To improve precision navigation, a second-generation SBAS will use signals from both GPS and Galileo, and dual frequencies, to achieve even greater GNSS integrity and accuracy.
    To improve precision navigation, a second-generation SBAS will use signals from both GPS and Galileo, and dual frequencies, to achieve even greater GNSS integrity and accuracy.

    Second-Generation SBAS

    Geoscience Australia, an agency of the Commonwealth of Australia, will collaborate with Lockheed Martin,  Inmarsat and GMV on research to show how augmenting signals from multiple GNSS constellations can enhance positioning, navigation and timing for a range of applications.

    The project aims to demonstrate how a second-generation satellite-based augmentation system (SBAS) testbed can for the first time use signals from both GPS and Galileo, as well as dual frequencies, to provide greater integrity and accuracy. Over two years, the testbed will validate applications in nine industry sectors: agriculture, aviation, construction, maritime, mining, rail, road, spatial and utilities.

    Basic GNSS signals require augmentation to meet higher safety-of-life navigation requirements. The second-generation SBAS will mitigate that issue. Once the testbed is operational, basic GNSS signals will be monitored by widely distributed reference stations operated by Geoscience Australia.

    A master station, installed by GMV, will collect the data, compute corrections and integrity bounds for each GNSS satellite signal, and generate augmentation messages.

    A Lockheed Martin uplink antenna at Uralla, New South Wales, will send these augmentation messages to an SBAS payload hosted aboard a geostationary Earth orbit satellite, owned by Inmarsat, which rebroadcasts the augmentation messages containing corrections and integrity data to end users. The whole process takes less than six seconds.

  • Friday is deadline for GPS OEMs to join live-sky spoofing event

    Friday is the deadline for GPS manufacturers to apply to test their equipment at a special event with live-sky test scenarios focused on spoofed GPS signals.

    The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) is offering an opportunity for manufacturers of GPS equipment used in critical infrastructure to test their products against GPS jamming and spoofing.

    The GPS Testing for Critical Infrastructure (GET-CI) event, set for April 17-21 at the Muscatatuck Urban Training Center in Butlerville, Indiana, is the first in a series of test opportunities.

    “Accurate and precise position, navigation, and timing (PNT) information is vital to the nation’s critical infrastructure,” said Robert Griffin, acting DHS under secretary for Science and Technology. “S&T has established this program to assess GPS vulnerabilities, advance research and development, and to enhance outreach and engagement with industry. The objective is to improve the security and resiliency of critical infrastructure.”

    The GET-CI events provide industry an opportunity to test GPS equipment in unique live-sky environments. For the April event, DHS S&T will be creating live-sky test scenarios focused on spoofed GPS signals.

    DHS S&T invites manufacturers of commercial GPS receivers and equipment used in critical infrastructure to submit applications for participation. For submission instructions and further information, see the Request for Information for Participation (RFIP) announcement on FedBizOpps.

    Interested organizations should submit their applications for participation by March 3.

    Email [email protected] with questions about the event and how to participate.

  • Recommendations: RTCM on BeiDou use, DHS on critical timing receivers

    Two documents of interest and importance to GNSS designers and manufacturers have been published, one from the Radio Technical Commission for Maritime Services (RTCM) and one from the U.S. Department of Homeland Security (DHS).
    Improving_the_Operation_and_Development_of_Global_Positioning_System_(GPS)_Equipment_Used_by_Critical_Infrastructure_S508C-cover

    The latter document is the subject of a news story concerning receivers used in critical infrastructure, with an emphasis on timing receivers. It provides owners, operators, researchers, designers and manufacturers with information to improve the security and resilience of PNT equipment across the spectrum of equipment development, deployment and use. It makes specific recommendations.

    The first-mentioned document is a white paper issued by the RTCM. It follows here, largely verbatim. It is titled “GNSS Community Benefit from Strong International Coordination and Cooperation,” and it addresses an important issue for GNSS receiver manufacturers and others concerning use of BeiDou signals. The authors believe that early publication and dissemination of the recommendation is needed to prevent possible confusion down the line.

    GNSS Community Benefit from Strong International Coordination and Cooperation

    Introduction

    The ephemeris broadcast by China’s BeiDou Navigation Satellites do not directly provide unique identifiers that are similar to the GPS’s “Issue of Data, Ephemeris” (IODE) and “Issue of Data, Clock” (IODC) values. Special Committee #104 (SC-104) of the Radio Technical Commission for Maritime Services (RTCM) has been working with the China Satellite Navigation Office (CSNO) to ensure that equivalent BeiDou IODE and IODC values can be generated.

    This paper presents the BeiDou IODE and IODC calculation algorithms that were developed by RTCM’s SC-104 and are being shared with the GNSS community in an effort to promote consistent BeiDou IODE and IODC computational approaches within the community.

    Background

    Most GNSS position and timing related algorithms need to know exactly where the satellite was at the moment the signal component of interest was transmitted. The signal sent from these satellites also contain messages, which contain parameters used to calculate the position and clock errors of that satellite for a moment of interest within the validity period of those orbital parameters. Because this validity period is relatively short (e.g., +/-4 hours of the current time), the satellites are periodically broadcasting new orbital parameters. These orbital parameters are often referred to as the satellite broadcast ephemeris. Plots from the different broadcast ephemeris for the same satellite do not directly overlay each other because there are forces acting on those satellites (such as solar wind, ionospheric drag, and gravitational anomalies) that do not permit long term exact prediction of orbits and clocks.

    Many differential correction services require both the correction generator system (e.g., reference station and reference networks) and the correction consumer (e.g., GNSS rover receivers) know and use the exact same orbital parameters. That is, the consumer of the corrections needs to apply those corrections using the exact same orbital parameters as those used to create the corrections. Failure to do so results in errors and biases for reasons earlier described. In such correction services, the correction message contains information enabling the consumer to uniquely identify the orbital parameters used by the generator.

    Correction services need a mechanism to uniquely identify the orbit parameters used by the correction generator system. The GPS Broadcast ephemeris messages are uniquely identified for a certain period of time by what are known as the “Issue Of Data, Ephemeris” (IODE) and the “Issue of Data, Clock” (IODC). Other GNSS constellations have similar concepts, or at least other parameters that can be used for similar purposes. Unfortunately, the 2011, 2012 and 2013 BeiDou Signal-In-Space Interface Control Documents (BDS-SIS-ICD) have offered no information enabling one to develop some mechanism for such a unique identification.

    In 2013 RTCM SC-104 created the BeiDou Working Group (BDS WG). Since then, the BDS WG has worked closely with the China Satellite Navigation Office (CSNO) to ensure proper inclusion of BeiDou in RTCM standards and recommendations. As part of this effort, RTCM SC-104 and the CSNO explored several avenues concerning equivalent BeiDou values of IODE and IODC. Ultimately an approach was selected by the CSNO. The selected approach stems from a ground-segment based approach which does not require a change to the BeiDou broadcast message format. However, it does then require that the users of BeiDou needing IODE and/or IODC values ensure that they employ the exact same algorithm to compute those values from the data available in the broadcast ephemeris.

    In May 2016, Kendall Ferguson (RTCM SC-104 Chair), Shaowei Han (Wuhan Navigation and LBS, Ltd. and Chair of the RTCM SC-104 BDS WG), and Dr. Hui Liu (Wuhan University /Wuhan Navigation and LBS, Ltd. and co-Chair of the RTCM SC-104 BDS WG) met with the Deputy Director of the CSNO. In that meeting, the CSNO Deputy Director indicated that a soon to be release BDS-SIS-ICD would provide information that would enable calculation of equivalent BeiDou IODE and IODC values. In November 2016, the CSNO released the BDS-SIS-ICD, Version 2.1, and that ICD contains the needed information.

    The language in the new BDS-SIS-ICD indicates that the normal ephemeris update (i.e., with new ephemeris parameters) will occur every hour on the hour when everything is normal.  If new parameters are needed for whatever reason, they will occur on 12 minute slots within the hour.  Any parameter that is changed in a broadcast ephemeris that is related to toc will result in a new toc (coincident with the 12-minute slot of the hour).  Likewise, any parameter that is changed in a broadcast ephemeris that is related to toe will result in a new toe (coincident with the 12-minute slot of the hour).  Whenever toc changes so will toe.  There will be no repeated toc or toe values within a week.

    On February 3, 2017, RTCM SC-104 formally approved algorithms for BeiDou ephemeris unique identifiers that can be computed by both message generators and message consumers. The reason for announcing this approval is to proactively prevent a wide variety of BeiDou IODE/IODC algorithms from emerging throughout the GNSS community.

    These RTCM BeiDou IODE and IODC algorithms are:

    BDS IODC=mod (toc / 720, 240)

    BDS IODE=mod (toe / 720, 240)

    The modulo 240 gives an 8-bit IODE (and an 8-bit IODC) that provides 2 days of uniqueness and which offers the smaller bit size needed for correction messages.   The values from 240 to 255 thus offer some future expansion should additional cases be needed.

    Unlike the relationship between the GPS IODE and GPS IODC, the BDS IODC may not be equal to the BDS IODE. The BDS IODC may be updated much more often than BDS IODE. However, whenever the BDS IODE is changed, the BDS IODC is also changed at the same time. Thus, RTCM will be using the BDS IODC as the unique ephemeris identifier in its messages.

    Conclusions

    Special Committee #104 (SC-104) of the Radio Technical Commission for Maritime Services (RTCM) has been working with the China Satellite Navigation Office (CSNO) seeking methods where by BeiDou equivalents of the GPS IODE and IODC might become available. The BDS-SIS-ICD, Version 2.1, released November 2016, provides information about the constellation allowing computation of IODE and IODC values from its broadcast ephemeris. In February 2017, RTCM SC-104 approved the algorithms it will use to compute unique ephemeris identifiers that will be contained in its messages, thus allowing the recipients of RTCM BeiDou related messages to identify the ephemeris used by the sender of such messages. RTCM is announcing these algorithms in an effort to prevent a variety of such algorithms from emerging and thus causing community confusion.

     

  • Homeland Security spells out receiver improvements

    In early January, a new U.S. Department of Homeland Security (DHS) document appeared: “Improving the Operation and Development of Global Positioning System (GPS) Equipment Used by Critical Infrastructure.”

    Improving_the_Operation_and_Development_of_Global_Positioning_System_(GPS)_Equipment_Used_by_Critical_Infrastructure_S508C-coverThe document focuses on receivers used in critical infrastructure, with an emphasis on timing receivers. It provides owners, operators, researchers, designers and manufacturers with information to improve the security and resilience of PNT equipment across the spectrum of equipment development, deployment and use.

    Specifically, its recommendations address:

    • installation and operation strategies that can be implemented for current equipment,
    • strategies that can result in more robust and resilient new and/or improved products based on existing technology and knowledge,
    • research and development that can lead to improved future capabilities.

    It introduces clear definitions of different categories of threats and hazards, including the new term “data spoofing.” It recommends some creative ways to install receive antennas, such as using decoy antennas and obscuring the location of the actual antennas being used, presumably to foil some spoofing attacks. It also points out that modern GNSS receivers are computers, and need to be operated and maintained with good cyber hygiene, just like other computers.

    The extensive list of recommended development strategies will challenge manufacturers while informing purchasers about the features they can seek in new equipment.

    Implementing these recommendations will lead to increased competence — that is, equipment that is better able to accommodate imperfect or faulty inputs, intentional or not.

    The document reflects the recognition that many reported problems or difficulties with GPS could be prevented or mitigated by improvements in GPS user equipment and how it is installed and operated. It is encouraging to see DHS taking steps to remedy this situation, and important that manufacturers of timing receivers, as well as critical infrastructure owners and operators that use timing receivers, follow through on these recommendations.

    The document is posted on the website for DHS’ National Cybersecurity & Communications Integration Center, National Coordinating Center for Communications-Computer Emergency Readiness Team.

  • FAA tests FBI drone detection system at JFK

    FAA tests FBI drone detection system at JFK

    The United States Federal Aviation Administration (FAA) and its government partners are expanding research on ways to detect “rogue” drones around airports. Together, they are evaluating drone detection technology at John F. Kennedy International Airport (JFK) in New York.

    Over the last two years, the FAA has received numerous reports from pilots and residents about unmanned aircraft systems — UAS, or “drones” — around some of the nation’s busiest airports, including JFK.

    “We face many difficult challenges as we integrate rapidly evolving UAS technology into our complex and highly regulated airspace,” said Marke “Hoot” Gibson, FAA senior advisor on UAS integration. “This effort at JFK reflects everyone’s commitment to safety.”

    Terminal 6 at JFK Airport. (Photo: New York Photo Gallery)
    Terminal 6 at JFK Airport. (Photo: New York Photo Gallery)

    Beginning May 2, the FAA conducted evaluations at JFK to study the effectiveness of a Federal Bureau of Investigation (FBI) UAS detection system in a commercial airport environment.  Five different rotorcraft and fixed-wing UAS participated in the evaluations, and about 40 separate tests took place.

    The JFK evaluation involved extensive government inter-agency collaboration, and cooperation from industry and academia. The tests expanded on research performed earlier this year at Atlantic City International Airport.

    In addition to the FAA and the FBI, the agencies combining forces in this research included the Department of Homeland Security (DHS), Department of Justice, Queens District Attorney’s Office and the Port Authority of New York and New Jersey. DHS and the FBI want to identify unauthorized UAS operators for law enforcement purposes, and the FAA’s mission is to provide a safe and efficient airport environment for both manned and unmanned air traffic.

    “We applaud the FBI and FAA for their efforts to detect and track unmanned aerial systems (UAS),” said Thomas Bosco, Port Authority aviation director.  “We look forward to supporting continued U.S. government efforts to identify and deploy countermeasures to neutralize the threat posed by rogue UASs.”

    The team evaluating the FBI’s detection system also included contributions from one of the six FAA-designated UAS test sites. The Griffiss International Airport test site in Rome, New York, provided expertise in planning the individual tests as well as the flight commander for the tests and two of the UAS used.

    The FY 2016 Appropriations law mandates that the FAA continue research into detection of UAS in airport environments. The agency is continuing to formulate an inter-agency strategy to evaluate detection systems in a variety of airport environments.

  • CBP Agent Geoffrey Krassy Honored with Top GEOINT Award

    This afternoon at the United States Geospatial Intelligence Foundation’s (USGIF) GEOINT 2015 Symposium, the 2015 Lt. Michael P. Murphy Award in Geospatial Intelligence was presented to Geoffrey D. Krassy, an air interdiction agent for the U.S. Department of Homeland Security’s Customs and Border Protection (DHS CBP).

    David Alexander, director of the Department of Homeland Security Geospatial Management Office, presented the award to Krassy on the Government Pavilion Stage in the GEOINT 2015 Exhibit Hall.

    The Murphy Award is named for Navy SEAL Lt. Michael P. Murphy, a distinguished Penn State alumnus. Murphy was killed June 28, 2005, by enemy forces during a reconnaissance mission in Afghanistan. For his selfless leadership and courageous actions, he was posthumously awarded the Medal of Honor. The Murphy Award recognizes achievement by a Penn State graduate who is serving or has served in the U.S. Armed Forces or U.S. Intelligence Community. Recipients are chosen based upon demonstration of exceptional contributions to the discipline after completing Penn State’s graduate certificate in geospatial intelligence.

    “Geoff’s experience as a Special Operations Pilot combined with his education achievements in geospatial science resulted in a uniquely insightful and practical study addressing the optimal placement of radar to detect low-altitude, ultralight aircraft crossing the U.S. border,” said Dr. Todd Bacastow, professor of practice for geospatial intelligence at Pennsylvania State University. “Geoff’s work offers invaluable lessons into how automated geospatial analysis might be used by the defensive planner.”

    Since 2007, Krassy has served as a CBP air interdiction agent along the U.S. southern border. He also served on the project team that integrates fixed wing patrol aircraft remote sensing capabilities into a common geospatial picture, maximizing the seamless transfer of data between, and interoperability of, DHS air, marine, and, ground forces. Krassy recently achieved a master of professional studies in homeland security from Penn State and holds a bachelor’s degree in history from King’s College in Wilkes-Barre, Penn. Following graduation from King’s College in 1989, Krassy served as a pilot in the U.S. Air Force with Special Operations Forces in the European and African theaters.

    “We at USGIF are truly honored to support this award, given in the name of Medal of Honor recipient Lt. Michael Murphy,” said USGIF CEO Keith Masback. “Further, having the award presented annually at the GEOINT Symposium serves as an important reminder to our attendees about the consequences of the work performed by GEOINT professionals every day. Geoff Krassy exemplifies the very best our profession has to offer and is richly deserving of this meaningful recognition.”

    The generosity of USGIF, the DigitalGlobe Foundation, and faculty, staff, and friends of Penn State fund the Murphy Award.

     

  • Exelis, UrsaNav to Demo eLoran with Homeland Security, Coast Guard

    Exelis, UrsaNav, the Department of Homeland Security’s Science and Technology Directorate (DHS S&T), and the U.S. Coast Guard have entered into a cooperative research and development agreement (CRADA) for testing and demonstration at former Loran-C sites.

    The team will evaluate eLoran as a potential complementary system to GPS. The capabilities and potential utilization methods of eLoran will be explored in depth to identify all strengths, capacities, and potential vulnerabilities of the technology.

    The sites are the legacy ground-based radio navigation infrastructure of the decommissioned Loran-C service that could be retained and upgraded to provide eLoran low frequency service.

    Under the CRADA, Exelis will use the former Loran-C assets to put eLoran signals in space for research, test and demonstration of the ability of eLoran to meet precise positioning, navigation and timing (PNT) requirements of government and privately-owned critical infrastructure. The first station Exelis will broadcast from is located in Wildwood, N.J. The broadcast will provide a usable signal at a range up to 1,000 miles.

    “eLoran is an ideal technology to complement GPS for critical, resilient and assured PNT,” said Ed Sayadian, vice president of Civil & Aerospace Systems for Exelis. “eLoran is a difficult to disrupt technology that offers PNT and wide area broadcast data capabilities indoors, in underground locations and other GPS-denied environments.”

    “A preponderance of government, academic, and industry reports have concluded that eLoran is the best independent, multi-modal solution to provide assured PNT as a complement to GPS,” said Chuck Schue, president and CEO of UrsaNav.

    Exelis and UrsaNav have entered into this CRADA because they believe that low frequency signals, such as eLORAN, operate independently of GPS signals and can provide alternative timing, either standalone, or as a component of a PNT service. Exelis also believes that as a result of its wealth of experience in its PNT portfolio, that there are many civil and defense applications that require precise time and/or position in GPS-denied environments. Examples include radio frequency interference, both intentional and unintentional; signal attenuation from heavy forest canopy, terrain or buildings; and indoor and underground locations.

  • AT&T Ready For Hurricane Season as Part of Disaster Recovery Program

    AT&T’s Network Disaster Recovery (NDR) program, as the first private company certified by the Department of Homeland Security for private-company voluntary disaster preparedness, is committed to maintaining and restoring the AT&T global network when natural disasters strike, the company said.

    Despite predictions, no one is certain when the next tropical storm or hurricane will ravage the coastline. With $600 million invested in the NDR program, AT&T’s arsenal of equipment includes more than 320 technology and equipment trailers that can be quickly deployed, making it one of the nation’s largest and most advanced disaster programs.

    “Staying connected during severe weather events is critically important to consumers, businesses and our emergency management officials,” said Sonia Perez, president, AT&T Louisiana. “That’s why AT&T invests a tremendous amount of resources in our network reliability and disaster response capabilities.”

    The Network Disaster Recovery team works closely with other AT&T response teams, local AT&T network personnel, regional Emergency Operations Centers and Local Response Centers to fortify network facilities and equipment, and stage technicians and resources near the storm impact area. In the event of damage, teams are poised to restore and maintain service until permanent repairs can be made.

    AT&T also conducts readiness drills and simulations throughout the year to ensure its networks are prepared and its personnel are ready to respond at a moment’s notice. Since its inception in 1991, the NDR has responded to more than 20 catastrophes across the U.S.

    Response equipment readied in the wake of an event includes:

    • Mobile cell sites and mobile command centers
    • Emergency communications vehicles
    • A self-sufficient base camp, complete with sleeping tents, bathrooms, kitchen, laundry facilities, on-site nurse and meals ready to eat (MREs)
    • Hazmat equipment and supplies
    • Technology and support trailers to provide infrastructure support and mobile heating ventilation and air conditioning
    • Internal and external resources for initial assessment and recovery efforts.

    Consumers and businesses also should have a plan in place. When preparing for an evacuation or shelter-in-place, remember these tips:

    • Keep your wireless phone batteries charged at all times. In case of a power outage, have alternate means of charging your phone available, such as an extra battery, car charger or device-charging accessory. Sales tax holidays are a great time to stock up on cell phone accessories for your household.
    • Keep your wireless phone dry. The biggest threat to your device during a hurricane is water, so keep your equipment safe from the elements by storing it in a baggie or some other type of protective covering, such as an Otterbox phone cover.
    • Have a family communication plan in place. Designate someone out of the area as a central contact, and make certain that all family members know who to contact if they get separated. Most importantly, practice your emergency plan in advance.
    • Forward your home number to your wireless number in the event of an evacuation. Because call forwarding is based out of the telephone central office, you will get incoming calls from your landline phone even if your local telephone service is disrupted at your home. In the unlikely event that the central office is not operational, services such as Voicemail, Call Forwarding, Remote Access call forwarding and call forwarding busy line/don’t answer may be useful.
    • Track the storm and access weather information on your wireless device. Many homes lose power during severe weather. If you have a working wireless device that provides access to the Internet, you can watch weather reports through services like AT&T U-verse Live TV or keep updated with local radar and severe weather alerts through My-Cast Weather, if you subscribe to those services.
    • Take advantage of location-based mapping technology. Services such as AT&T Navigator and AT&T FamilyMap can help you seek evacuation routes or avoid traffic congestion from downed trees or power lines, as well as track a family member’s wireless device in case you get separated.

    Keeping the lines open for emergencies

    During evacuations, the storm event and its aftermath, network resources will be taxed. To help ensure that emergency personnel have open lines, keep these tips in mind:

    • Text messaging. During an emergency situation, text messages may go through more quickly than voice calls because they require fewer network resources. All of AT&T’s wireless devices are text messaging capable. Depending on your text or data plan, additional charges may apply.
    • Be prepared for high call volume. During an emergency, many people are trying to use their phones at the same time. The increased calling volume may create network congestion, leading to “fast busy” signals on your wireless phone or a slow dial tone on your landline phone. If this happens, hang up, wait several seconds and then try the call again. This allows your original call data to clear the network before you try again.
    • Keep non-emergency calls to a minimum, and limit your calls to the most important ones. If there is severe weather, chances are many people will be attempting to place calls to loved ones, friends and business associates.

    Small Business Tips:

    • Set up a call-forwarding service to a predetermined backup location. Set up a single or multiple hotline number(s) for employees, employees’ families, customers and partners, as appropriate, to call so that all parties know about the business situation and emergency plan.
    • Back up data to the Cloud. Routinely back up files to an off-site location. Services such as Mobile Workplace are a suggested solution for small businesses.
    • Outline detailed plans for evacuation and shelter-in-place plans. Practice these plans (employee training, etc.). Establish a backup location for your business and meeting place for all employees.
    • Assemble a crisis-management team and coordinate efforts with neighboring businesses and building management. Be aware that disasters affecting your suppliers also affect your business. Outline a plan for supply chain continuity for business essentials.
    • Consider a back-up cellular network. Services like AT&T Remote Mobility Zone, allows organizations to protect their critical communications by installing small cell sites at the businesses’ locations. If a disaster disables primary communications networks, the back-up cellular network can help keep your company connected.

    Additional information and tips for disaster preparedness can be found at www.att.com/vitalconnections.

  • Drone Hack: Spoofing Attack Demonstration on a Civilian Unmanned Aerial Vehicle

    By Daniel Shepard, Jahshan A. Bhatti, and Todd E. Humphreys

    
    Unmanned aerial vehicle (uav) used in the spoofing tests; owned by the University of Texas.

     A radio signal sent from a half-mile away deceived the GPS receiver of a UAV into thinking that it was rising straight up. In this way, the UAV’s dependence on civil GPS allowed the spoofer operator to force the UAV vertically downward in dramatic fashion as part of multiple capture demonstrations.

    In December 2011, Iran captured a U.S. Central Intelligence Agency (CIA) surveillance drone with only minor damage to the undercarriage of the drone, likely due to a rough landing when captured. An Iranian engineer claimed in an interview that “Iran managed to jam the drone’s communication links to American operators” causing the drone to shift into an autopilot mode that relies solely on GPS to guide itself back to its home base in Afghanistan. With the drone in this state, the Iranian engineer claimed that “Iran spoofed the drone’s GPS system with false coordinates, fooling it into thinking it was close to home and landing into Iran’s clutches.”

    Although the Iranian claims are highly questionable, this incident left many unanswered questions as to the security of GPS systems on unmanned aerial vehicles (UAVs). The CIA drone should have been guiding itself based on the encrypted military GPS signals, which would be incredibly difficult to spoof. However, some experts have conjectured that simultaneous jamming of the military signals and spoofing of the civilian signals might have worked if the drone had been programmed to fall back on the civilian GPS signals in the event that the military signals were jammed. This raises the question: How difficult would it be to spoof a UAV guiding itself based on civilian GPS signals?

    FAA Modernization Act

    In February of this year, Congress passed the FAA Modernization and Reform Act of 2012. According to the Library of Congress summary, this act “requires the Secretary [of Transportation] to develop a plan to accelerate safely the integration by September 30, 2015, of civil unmanned aircraft systems (UASes, or drones) into the national airspace system … [and] determine if certain drones may operate safely in the national airspace system before completion of the plan.”

    Such civilian UAVs would be primarily guided by civil GPS, which has been shown to be readily spoofable in the lab. This would create a significant potential hazard in the national airspace if the problem of civil GPS spoofing is not fixed. Thousands of civilian UAVs (operated by postal services, police departments, research institutions, and others) could populate the skies in only a few years while still being vulnerable to remote hijacking via GPS spoofing. The passing of the FAA Modernization Act further emphasizes the need to examine the vulnerability of UAVs to GPS spoofing.

    Test

    On invitation of the Department of Homeland Security (DHS), unclassified spoofing tests against a UAV were performed at White Sands Missile Range (WSMR) on June 19, 2012 during the DHS GYPSY test exercise. These tests demonstrated the capability of a spoofer, built by the University of Texas (UT) Radionavigation Lab, to commandeer a civilian UAV by influencing the position-velocity-time (PVT) solution of the UAV’s GPS receiver.

    The Spoofer. The civil GPS spoofer used for these tests is an advanced version of the spoofer reported in “Assessing the Spoofing Threat,” GPS World, January 2009. A schematic representation of the spoofer is shown in Figure 1. It is the only spoofer reported in open literature to date that is capable of precisely aligning the spreading codes and navigation data of its counterfeit signals with those of the authentic GPS signals. Such alignment capability allows the spoofer to carry out a sophisticated spoofing attack in which no obvious clues remain to suggest that an attack is underway.


    Figure 1. This spooler is capable of precisely aligning the spreading code and navigation data of its counterfeit signals with GPS signals.

    The spoofer is implemented on a portable software-defined radio platform with a digital signal processor (DSP) at its core. This platform comprises:

    • A radio frequency (RF) front-end that down-mixes and digitizes GPS L1 and L2 frequencies
    • A DSP board that performs acquisition and tracking of GPS L1 C/A, calculates a navigation solution, predicts the L1 C/A databits, and produces a consistent set of up to 14 spoofed GPS L1 C/A signals with a user-controlled fictitious implied navigation and timing solution.
    • An RF back-end with a digital attenuator that converts the digital samples of the spoofed signals from the DSP to analog output at the GPS L1 frequency with a user-controlled broadcast power.
    • A single-board computer that handles communication between the spoofer and a remote computer over the Internet.

    The spoofer works by first acquiring and tracking GPS L1 C/A and L2C signals to obtain a navigation solution. It then enters its “feedback” mode, in which it produces a counterfeit, data-free feedback GPS signal that is summed with its own antenna input. The feedback signal is tracked by the spoofer and used to calibrate the delay between production of the digitized spoofed signal and output of the analog spoofed signal. This is necessary because the delay is non-deterministic on start-up of the receiver, although it stays constant thereafter.

    After feedback calibration is complete and enough time has elapsed to build up a navigation data bit library, the spoofer is ready to begin an attack. Initially, it produces signals that are aligned to within a few meters with the authentic signals at the location of the target antenna but have low enough power that they remain far below the target receiver’s noise floor. The spoofer then raises the power of the spoofed signals slightly above that of the authentic signals. At this point, the spoofer has taken control of the victim receiver’s tracking loops and can slowly lead the spoofed signals away from the authentic signals, carrying the receiver’s tracking loops with it.  The target receiver can be considered completely captured when either of the following are true:

    • each spoofed signal has shifted by 2 µs relative to the authentic signals, or
    • each spoofed signal is at least 10 dB more powerful than the corresponding authentic signal.

    The latter option ensures that there is no significant interaction between authentic and spoofed signals by simultaneously jamming and spoofing.
    The UT spoofer and attack strategy have been tested against a wide variety of civil GPS receivers and have always been successful in commandeering the target receiver.

    Test UAV.  The spoofing tests targeted a University-of-Texas-owned Hornet Mini UAV supplied by Adaptive Flight, which is shown in the  opening photo. The Hornet Mini is roughly five feet long and weighs about 10 pounds when fully loaded. The Mini’s sophisticated avionics package loosely couples an altimeter, magnetometer, and a MEMS IMU package to a GPS receiver via an extended Kalman filter.

    The Hornet Mini is representative of UAVs used by law enforcement. Thus, the results of the spoofing tests with the Mini also apply to other similarly-designed UAVs, including those used in most civil applications, whose navigation systems are centered on civil GPS. It should be noted that no special alterations were made to the Hornet Mini for this test – it was in its “as sold” or “stock” configuration.

    Setup. A schematic of the setup used for the spoofing tests against the civil UAV at WSMR appears in Figure 2. The spoofer was located on a hilltop with the receive antenna on the far side of the hilltop from the transmit antenna as shown in Figure 3. The UAV site was located in a sandy basin approximately 620 meters from the transmit antenna.


    Figure 2. Schematic of the test setup.


    Figure 3. Aerial view of the test site showing the spoofer location on a hilltop and the UAV site 0.62 kilometers away.

    Procedure. The UAV was commanded by its ground controller to hover approximately 60 feet above ground level at the UAV site. After the initial ground control command was sent, the UAV maintained its hovering position automatically based on the navigation solution of its extended Kalman filter, which is based in part on GPS. At this point in the test procedure, the spoofed signals were not being broadcast: the UAV was only under the influence of the authentic GPS signals.

    The spoofer was then commanded to begin transmitting spoofed signals. To ensure seamless capture of the UAV’s GPS unit, the code phases of the spoofed signals were aligned to within meters of the authentic signals at the location of the UAV’s GPS antenna. The spoofed signals overpowered their authentic counterparts and instantly captured the tracking loops within the UAV’s GPS receiver.

    Immediately after capture, the spoofer induced a false velocity and corresponding position change in the UAV’s GPS receiver, drawing the position reported by the UAV’s extended Kalman filter away from the UAV’s commanded hover position. To compensate, the UAV’s flight controller responded by moving in the opposite direction. A safety pilot was on hand to prevent the UAV from drifting out of control.  This was necessary because by commandeering the UAV’s GPS receiver, the spoofer operator effectively breaks the UAV autopilot’s feedback control loop. The spoofer operator must now act as an operator-in-the-loop, which requires real-time, meter-level knowledge of the UAV’s true location.

    Results. Between tests WSMR and UT, the spoofer demonstrated short-term 3-dimensional control of the UAV. Thus, we conclude that it is indeed possible to hijack a civil UAV — in this case, a fairly sophisticated one — by civil GPS spoofing.

    Interestingly, the Hornet Mini relies only on its altimeter for direct measurements of its vertical position; the GPS-measured vertical position is ignored. This can be done with reasonable accuracy because of the Hornet Mini’s short flight endurance (~20 minutes). However, the GPS vertical velocity does affect the extended Kalman filter’s vertical coordinate estimate because the filter propagates GPS velocity measurements through a UAV dynamics model to form an a priori vertical estimate that gets updated with the altimeter measurements. This dependence on GPS velocity allowed the spoofer operator to force the UAV vertically downward in dramatic fashion in the final three capture demonstrations.

    Developing a full spoofer-based control system for a UAV is a difficult problem that, in addition to the requirement for real-time true position feedback, requires the spoofer to model the UAV’s feedback control behavior and to estimate the UAV’s desired path. Causing a UAV to spin out of control and crash is not difficult with a spoofer, but fine-grained control certainly is.

    Implications

    These tests have demonstrated that civilian UAVs will be vulnerable to control by malefactors with a civil GPS spoofer looking to hijack or crash these UAVs unless their vulnerability to GPS spoofing is addressed. There are several reasons why someone may want to spoof a drone including fear over drones invading people’s privacy. This poses a significant safety concern that could result in mid-air collisions with other aerial vehicles or buildings, not to mention loss of property.

    Constructing from scratch a sophisticated GPS spoofer like the one developed by UT is not easy, nor is it within the capability of the average anonymous hacker. It is orders of magnitude harder than developing a GNSS jammer. Nonetheless, the trend toward software-defined GNSS receivers for research and development, where receiver functionality is defined entirely in software downstream of the A/D converter, has significantly lowered the bar to spoofer development in recent years.

    As a point of reference, we estimate that there are more than 100 researchers in universities around the globe who are well-enough versed in software-defined GPS that they could develop a sophisticated spoofer from scratch with a year of dedicated effort. More worrisome is the fact that one does not have to build a sophisticated spoofer like ours, capable of aligning its signals precisely with authentic signals at the location of a chosen target, to spoof a civil GPS receiver. A low-cost off-the-shelf GPS signal simulator would not permit the kind of seamless attack we carried out, but would be adequate to confuse and disrupt the navigation system of a commercial UAV.

    Fixing the Problem

    There is no quick, easy, and cheap fix for the civil GPS spoofing problem. Moreover, not even the most effective GPS spoofing defenses are foolproof. Nonetheless, there are many possible remedies to the spoofing problem that, while not foolproof, would vastly improve civil GPS security. These defenses can be broken up into two categories: cryptographic and non-cryptographic defenses.

    Cryptographic defenses come primarily in two forms, spread-spectrum security codes (SSSC) and navigation message authentication (NMA), depending on whether the unpredictable digital signature is placed on the spread-spectrum code or the navigation data. These cryptographic signatures could be placed on WAAS signals or existing or future GPS signals to provide authentication of the source of the WAAS or GPS signals. A cryptographic defense implemented with appropriate checks to protect against certain variants of spoofing attacks, described in “Straight Talk on Anti-Spoofing,” GPS World, January 2012, would significantly raise the bar for a would-be spoofer. Several proposals for cryptographic methods are currently on the table including a proposal by Logan Scott to place SSSC signatures on GPS L1C signals that will be broadcast by GPS Block III satellites. However, the current proposals for civil GPS cryptographic authentication schemes are still at least several years away from implementation and have a 5-minute window between authentications of each individual GPS signal. These proposals have currently gained no ground in being implemented because of a lack of dedicated funds for development and implementation.

    There are also a number of promising non-cryptographic techniques for civil GPS spoofing detection that include jamming-to-noise power detectors (J/N meters), correlation profile anomaly defenses, and antenna-based defenses. J/N meters are simple and easily-implementable and would prevent a spoofer from simultaneous jamming and spoofing. However, a J/N sensor will not typically detect a spoofing attack in which the spoofed signals are only slightly more powerful than their authentic counterparts. The inclusion of a J/N meter does ensure that the authentic signals will also be visible as a corruption to the correlation curve during a spoofing attack, due to the difficulty of nulling out the authentic signal. This allows correlation profile anomaly defenses to be viable. However, these methods suffer from the difficulty of distinguishing multipath effects from a spoofing attack, particularly in mobile receivers. Antenna-based defenses also present an attractive option for anti-spoofing, but most of these methods require additional hardware (multiple antennas) and cost. One promising new antenna-based defense is currently under development at Cornell University that does not require multiple antennas. This defense involves an extension of the signal spatial correlation technque developed by the University of Calgary PLAN group. However, this technique is still under development, and receivers implementing this technique would likely be several times more expensive than current receivers.

    For details on potential spoofing defenses, see Todd Humphrey’s congressional testimony in “The System.”

    Recommendations

    We recommend that for non-recreational operation in the national airspace, civil UAVs exceeding 18 pounds be required to employ navigation systems that are spoof-resistant. Spoof resistance will be defined through a series of four canned attack scenarios that can be recreated in a laboratory setting. A navigation system is declared spoof-resistant if, for each attack scenario, the system is either unaffected by or able to detect the spoofing attack. Spoofing detection combined with an appropriate GPS-denied mode for the UAV to fall back on will significantly increase the difficulty of mounting a successful spoofing attack.

    Additionally, civil GPS receivers in many critical infrastructures (communications networks, financial trade centers, and the power grid) are also vulnerable to civil GPS spoofing. These critical infrastructures primarily rely on GPS for timing, which is also susceptible to manipulation with varying consequences depending on the application. A discussion of power grid vulnerabilities to GPS spoofing is given in “Going Up Against Time” in this issue of the magazine on page 34. We also recommend that GPS-based timing or navigation systems having a non-trivial role in systems designated by DHS as national critical infrastructure be required to be spoof-resistant.

    Finally, we recommend that funding be committed for development and implementation of a cryptographic authentication signature in one of the existing or forthcoming civil GPS signals. The signature should at minimum take the form of a digital signature interleaved into the navigation message stream of the WAAS signals. A better plan would be to interleave the signature into the CNAV or CNAV2 GPS navigation message stream. The best plan for implementing a cryptographic authentication signature would be to implement the signature as an SSSC interleaved into the spreading code of the L1C data channel. Inclusion of a cryptographic signature would greatly aid manufacturers in developing receivers that are spoof-resistant.

    Manufacturers

    The Hornet Mini UAV carries a µ-blox GPS receiver.

    Daniel P. Shepard is pursuing M.S. and Ph.D. degrees in aerospace engineering at the University of Texas (UT) at Austin. He is a member of the Radionavigation Laboratory.

    Jahshan A. Bhatti is pursuing a Ph.D. in aerospace engineering and engineering mechanics at UT and is a member of the Radionavigation Laboratory.

    Todd E. Humphreys is an assistant professor of aerospace engineering and engineering mechanics at UT and director of the Radionavigation Laboratory. He received a Ph.D. in aerospace engineering from Cornell University.